We are a diverse team, but with a single focus and very consistent values.
Junior SOC Analyst – SIEM
Location
Morocco
Posted
9 days ago
Salary
د.م.6K / month
Seniority
Junior
Job Description
Junior SOC Analyst – SIEM
Kapres Technology
• Work at KAPRES as a Junior SOC Analyst
• Complete 2 months of training with our Kapres SOC (unpaid)
Job Requirements
- High proficiency in English
- Availability to work night shifts (11 PM to 8 AM and 3 PM to 12 AM)
More Security Operations Jobs
Senior Security Operations Analyst
Warner Bros. Discovery
Warner Bros. Discovery (WBD) is a prominent global media and entertainment conglomerate, renowned for its expansive television, film, streaming, and gaming port
Title: Sr. Security Operations Analyst
Location: GA Atlanta 1050 Techwood Drive NW
Remote type: Hybrid
Time type: Full time
Job requisition ID: R000105840
Welcome to Warner Bros. Discovery… the stuff dreams are made of.
Who We Are…
When we say, “the stuff dreams are made of,” we’re not just referring to the world of wizards, dragons and superheroes, or even to the wonders of Planet Earth. Behind WBD’s vast portfolio of iconic content and beloved brands, are the storytellers bringing our characters to life, the creators bringing them to your living rooms and the dreamers creating what’s next…
From brilliant creatives, to technology trailblazers, across the globe, WBD offers career defining opportunities, thoughtfully curated benefits, and the tools to explore and grow into your best selves. Here you are supported, here you are celebrated, here you can thrive.
*Must work a hybrid schedule (3 days onsite) out of our Atlanta office.*
Overview
The Senior Cybersecurity Analyst – CSOC is a Senior level non-management role that reports directly to the CSOC Manager. They will be responsible for guiding a hybrid team of security analysts tasked to detect, triage, analyze, respond, and report cybersecurity incidents in addition to performing advanced analysis and assisting with incident response. A successful candidate will be able to use experience, knowledge, and critical thinking to perform CSOC duties that deviate from daily norms with minimal guidance and mentor more junior analysts on the solution. As a Senior Analyst, this individual must be highly organized, detail oriented, and able to manage multiple investigations, projects, and deliverables at once.
Role & Responsibilities:
Security Operations –
- In-depth security event analysis
- Facilitate and oversee the execution of day-to-day directions given by CSOC Manager
- Enhancing detection and alert maturity
- Enhancing technical and administrative processes and procedures.
- Providing blue team subject matter expertise to advise CSOC Leadership and mentor Analysts.
- Document and communicate findings and after-action reports to the entire security team.
- Review investigations and perform QA/QC.
- Drive alert logic refinement through tuning and whitelisting
- Train and Mentor Associate and Mid-level Analysts
- Performing Tier 3 On Call rotations to include Weekends or Nights
Support IR Investigations –
- Incident coordination by assignment of Work Streams and creation of reports
- Serve as the technical escalation point for the CSOC team.
- Provide ad-hoc training to team members
Project Work –
- Perform CSOC maturity projects under the guidance of Cyber Operations Leadership
- Partner with Security Engineering teams to enhance features and capabilities within current security tooling.
- Create and update written policies and procedures.
Qualifications & Experiences:
- 5-7 years of relevant experience or equivalent demonstrable knowledge & skill set.
- Ability to think critically to solve problems with minimal guidance.
- Ability to perform comprehensive Incident, root cause analysis and write technical reports.
- The ability to conduct investigations on multiple operating systems such as Linux, iOS, and Windows.
- Experience performing manual log analysis from a variety of host-based and network-based sources.
- The ability to conduct security investigations without the assistance of pre-extracted data or pre-established queries across multiple platforms such as Splunk, OS CLI/Terminal, Sentinel One, etc.
- Experience using modern CSOC/Fusion Center enterprise security suite.
- Familiarity with Digital Forensics and Incident Response (DFIR) concepts.
- Experience participating in CIRT/CSIRT investigations.
- Knowledge of exploits, vulnerabilities, malware families and common attack vectors.
- Scripting (Python, PowerShell, bash), regex experience is a plus.
- Experience with firewalls, intrusion detection/prevention systems.
- Effective in collaborating with teams in remote offices and multiple cultures across the globe.
- Intermediate or higher Security Certifications are a plus - CYSA+, CISSP, CFR, CHFI, GCIH, GCFA, or GNFA, PenTest+, OSCP, etc.
- Ability to tailor complicated Security and Technical information to the comprehension levels of intended audiences, whether that be non-technical Senior Executives or highly technical Subject Matter Experts.
How We Get Things Done…
This last bit is probably the most important! Here at WBD, our guiding principles are the core values by which we operate and are central to how we get things done. You can find them at www.wbd.com/guiding-principles/ along with some insights from the team on what they mean and how they show up in their day to day. We hope they resonate with you and look forward to discussing them during your interview.
Championing Inclusion at WBD
Warner Bros. Discovery embraces the opportunity to build a workforce that reflects a wide array of perspectives, backgrounds and experiences. Being an equal opportunity employer means that we take seriously our responsibility to consider qualified candidates on the basis of merit, without regard to race, color, religion, national origin, gender, sexual orientation, gender identity or expression, age, mental or physical disability, and genetic information, marital status, citizenship status, military status, protected veteran status or any other category protected by law.
If you’re a qualified candidate with a disability and you require adjustments or accommodations during the job application and/or recruitment process, please visit our accessibility page for instructions to submit your request.
Staff Security Operations Engineer
Apollo GraphQL
Apollo is the GraphQL company. Our mission is to empower every developer with a graph.
• Partner with engineering teams to conduct threat modeling and security reviews on new features and architecture changes
• Establish and evolve Apollo's application security program including SAST/DAST tooling, dependency scanning, and secure coding standards
• Drive security requirements into the SDLC, embedding security gates into CI/CD pipelines
• Identify and remediate vulnerabilities in Apollo's products and APIs, with a focus on reducing systemic risk rather than one-off fixes
• Act as a security advisor for product teams building customer-facing features, particularly those involving authentication, authorization, and data handling
• Advance Apollo’s detection and response strategy in partnership with engineering and IT leadership
• Implement and maintain adherence to SOC 2 and other cloud security frameworks
• Handle escalations from Sales and Customer Success
• Build and tune monitoring, logging, and alerting systems to improve visibility while reducing noise
• Drive automation of SecOps workflows to speed up investigation and response
• Guide secure adoption of AI across Apollo - from internal use by engineers to AI-powered product features
• Participate in our on-call rotation (we keep this lightweight and reasonable)
• Independently lead multiple technical engagements simultaneously, ensuring timely delivery of measurable security outcomes and operational improvements across client environments
• Convert client business requirements into actionable technical strategies and capabilities that align with security objectives and deliver measurable value
• Collaborate with internal teams and clients to design strategic roadmaps and execute plans that advance operational maturity and security posture
• Drive service maturity by analyzing KPIs, SLAs, and performance trends to deliver actionable insights and continuous value improvements
• Evaluate and align security solutions and recommendations with client requirements, risk profiles, and strategic objectives to ensure optimal fit and effectiveness
• Assist in the documentation of business requirements, use cases, and ROI analyses to support informed decision-making and demonstrate value
• Act as a technical advisor during pre-sales and post-sales engagements, ensuring solution alignment and client confidence
• Provide technical expertise for proposals, contracts, and service descriptions to ensure accuracy and alignment with client needs
• Recognize and recommend cross-sell and up-sell opportunities across AFC services
• Lead or support security initiatives from planning through execution
• Apply hands-on expertise to operationalize threat intelligence across EDR, SIEM, SOAR, and related domains, improving detection and response capabilities
• Analyze patterns and anomalies to identify potential advanced threats and recommend proactive mitigation strategies
• Conduct architectural reviews and provide recommendations to strengthen security, posture and operational efficiency
• Assess and recommend custom detection logic, automation, or tool enhancements to address evolving threats and operational needs
• Assist with platform configurations, detection logic, automation improvements
• Build and develop relationships with internal and external stakeholders
• Identify and assess project risks, developing mitigation strategies to ensure successful delivery and minimize impact
• Validate project scope and deliverables to ensure alignment with client expectations and contractual obligations
• Represent Optiv in client meetings, delivering clear technical guidance and executive-level communication
• Collaborate with team members to identify issues, develop strategies, and drive continuous improvement
• Provide support for projects spanning multiple functional groups by identifying collaborative opportunities, enhancing existing deliverables, and strengthening Optiv’s value to our clients
• Ensure projects are delivered on time, within budget, and to quality standards, meeting or exceeding client expectations
Cybersecurity Incident Response Analyst
ServiceNow
As the AI platform for business transformation, we're putting AI to work across organizations — freeing people for work that matters. Making old tech work with new tech. Reaching across departments, from the front office to the back office and every office in between. Our ambition? To become the AI defining enterprise software company of the 21st century (or "AI DESCO21C," as we like to call it). With more than 8,400+ customers, we serve approximately 90% of the Fortune 500®, and we're proud to be a Fortune 100 Best Companies to Work For® and World's Most Admired Companies™. Explore your future career with us, visit www.careers.servicenow.com
From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.
Role Description
IMPORTANT, PLEASE READ BEFORE APPLYING - Due to Federal requirements, only US citizens, US naturalized citizens or US Permanent Residents, holding a green card, will be considered.
The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact.
What you get to do in this role:
- Serve on the frontline of security operations, supporting both ServiceNow’s commercial customers and its federal environment.
- Monitor tools and systems that defend ServiceNow’s production and corporate environments.
- Define relationships between seemingly unrelated events through deductive reasoning.
- Continuously find ways to do things faster, better, and more effectively while maintaining a laser focus on quality.
- Work on a geographically diverse team to respond to threats against our infrastructure and track cases to closure.
- Participate in an on-call rotation including weekends to ensure timely response to priority incidents.
- Work weekend rotational shifts and hours (Pacific Time Zone) outside of standard business hours if necessary.
Qualifications
- Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving.
- 2+ years of related experience or equivalent combination of education and experience.
- Deep understanding of Security Operations Center and Security Incident Response Team protocols and procedures.
- A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
- Experience with SIEM platforms (e.g., Splunk) for log analysis and detection tuning.
- Familiarity with EDR tools for endpoint detection and response.
- Exposure to SOAR platforms for workflow automation and incident orchestration.
- Knowledge of cloud security concepts and experience working in cloud environments (AWS, Azure, or GCP).
- The ability to analyze event and system logs, perform forensic analysis, analyze malware, and process other incident response-related data as needed.
- Familiarity with intrusion detection systems.
- Understanding of Windows and Linux operating systems and command-line tools.
- Familiarity with scripting in any language.
Requirements
- Any cybersecurity or network related certifications (e.g., CCNA, CompTIA, GSEC, GCIH, CEH certifications) are a plus.
- ServiceNow platform knowledge is a plus.
Benefits
- Base pay of $97,600 - $151,300, plus equity (when applicable), variable/incentive compensation and benefits.
- Health plans, including flexible spending accounts.
- 401(k) Plan with company match.
- Employee Stock Purchase Plan (ESPP).
- Matching donations.
- Flexible time away plan and family leave programs.



